Avoiding the "Dark Ages" of the Trained Cyber Workforce
AI ushers in a new era for security operations
In recent years, the cybersecurity landscape has been transformed, largely due to advancements in artificial intelligence (AI). These intelligent systems are fast becoming copilots in the field. I predict that within the next three years they will handle over 80 percent of the repetitive and mundane tasks that once demanded operators' time. By automating such duties, AI frees up professionals to focus on more strategic responsibilities.
This fundamental shift enhances efficiency but also demands new skills from cybersecurity experts. If a change is not made at the collegiate level (and echoed by industry certifying groups like ISC2, ISACA and others), we risk a digital "Dark Age" for trained security professionals, further widening the gap between what the industry needs and what is available in the workforce.
AI copilots take the helm
Imagine pilots flying planes. They rely on autopilot systems to maintain course while handling emergencies or critical decisions themselves. Today's cybersecurity teams are beginning to experience something similar with AI copilots:
- Automation of routine tasks: AI handles detection and initial response efforts, filtering out routine alerts and allowing team members to engage where human insight is truly needed.
- Better connection of information: The dots that humans sometimes miss, AI connects seamlessly. For instance, recognizing patterns across vast data sets swiftly identifies potential threats, often before they fully materialize.
With AI taking on burdensome tasks, cybersecurity operators now focus more on decision-making processes once reserved for business leaders and owners:
- Strategic assessment: Training to weigh risks versus rewards is suddenly central for security professionals. It's not just about spotting threats but deciding how best to tackle them amid competing priorities.
- Critical analysis: Operators now need the ability to analyze situations deeply, understanding their implications and crafting strategies that align with organizational goals.
- Collaboration and leadership: As their roles become more integrated in high-level decision-making, cybersecurity experts can start bridging gaps between IT and business functions.
- Stakeholder communication: Developing skills in effective communication ensures security measures align with broader company initiatives, facilitating smoother implementation and cooperation.
This transformation requires updated training programs and educational efforts:
- Enhancing judgment skills: Courses increasingly focus on developing judgment rather than task execution, preparing professionals for a future where robotics and AI lead operational work. To my knowledge, this does not exist anywhere in the cybersecurity training world, except perhaps some very specialized courses for CISOs or the high-quality (and niche) training provided by GIAC/SANS.
- Simulating real-world scenarios: Using simulations where decisions must guide outcomes helps refine these crucial abilities within teams — which is also why WWT has invested so heavily in our Cyber Range platform for hands-on training and developing situational awareness.
As advancements in AI bring changes across cybersecurity, old paradigms wane and new expectations dawn. Tasked with evaluating complex scenarios, today's professionals have roles beyond prior definitions — shaping risk management strategies tightly interwoven with every part of the company's operations. So, embracing this evolving landscape allows existing and aspiring cybersecurity experts to navigate confidently through uncharted waters as they prepare for an exciting, opportunity-laden future.
Understanding game theory in cybersecurity
Cybersecurity is more important than ever. With threats becoming more sophisticated, companies need to step up their game to protect themselves. Cybersecurity experts can use game theory, smart decision-making and business know-how to tackle modern challenges.
Consider a game of chess. Just like chess players think several moves ahead, cybersecurity professionals must anticipate hacker tactics. They can't just react. If hackers find a vulnerability — a weak spot — they'll exploit it. Cybersecurity teams have to guess attackers' next steps and plan counter moves.
In real-life scenarios, companies simulate potential attacks using game theory principles. By understanding potential moves an attacker might make, they prepare defenses in advance. This way, attackers face more obstacles than they expect, making it harder for them to succeed.
- Building adaptive defenses: Cybersecurity teams design systems that can change quickly, responding to threats as they evolve.
- Predicting attacker moves: Just like predicting your chess opponent, cybersecurity experts use game theory to understand how hackers might act.
- Balancing risks and rewards: It's about making calculated guesses, not acting out of fear.
Smart decision-making and beating cognitive biases
Everyone makes decisions based on biases — patterns we've learned over time that might lead us astray. Think about a time when you made a choice that seemed good at first, but wasn't. Maybe it was buying into a sale without checking the price elsewhere. In cybersecurity, these biases can lead to poor security decisions.
Picture this: Lucy hears about a one-day-only sale online. Without double-checking the seller's integrity or even looking for reviews, she goes ahead and purchases. Later, she finds out it's a scam. This is similar to how some businesses may rush to adopt new cyber solutions without fully testing them. That's when biases cloud judgment.
Here are some principles from game theory and strategic thinking that can be applied to security operations and the next-gen SOC:
- System 1 vs. System 2 thinking: Daniel Kahneman, a psychologist, discusses System 1 (fast thinking) and System 2 (slow thinking). Cyber experts need to engage System 2—being analytical—to verify threats and make informed decisions.
- Avoiding anchors: If the first piece of information you get turns out to be false, every decision afterward might be wrong. For example, if someone tells you, without any proof, that a new piece of software isn't secure, and you judge everything that follows against that claim, that's anchoring bias.
- Learning from costs: Say you've invested time in a project. It starts failing, but you keep going because of what's already spent — the sunk cost fallacy. In cybersecurity, sticking with outdated methods just because "we've always done it this way" can make you vulnerable.
- Balancing losses and gains: Loss aversion means fearing losses more than valuing gains. Companies sometimes take drastic actions to prevent minor breaches while ignoring larger risks.
- Social influence: If everyone says a product is safe, does that mean it really is? Cybersecurity leaders must critically evaluate products rather than rely solely on popular opinion.
Aligning cyber strategies with company goals
Successful cybersecurity isn't just about technology. It's about aligning security measures with the goals of the company.
Imagine a bakery that wants to expand its delivery service to reach new customers. They've developed an app for online orders, but they need to ensure customer data stays safe. While the ultimate goal is growth, they can't ignore security for convenience. Otherwise, a data breach could ruin the reputation and expansion plans.
Here are some basic business strategy guidelines. Consider whether your average cybersecurity operator has any context for these concepts, and whether training on these principles is part of any "zero to hero" security education program you've ever developed or participated in:
- Setting clear objectives: Know where you want to go. Just like the bakery wanted more customers, companies must define their cybersecurity goals in line with business strategies.
- Smart resource management: Investing wisely in the most critical areas of cybersecurity helps achieve business objectives without overspending.
- Looking long-term: Companies should focus on sustainable protection rather than quick fixes, ensuring continued growth without security blips.
Education for cybersecurity professionals
The world of cybersecurity is fast-paced. To keep up, professionals need to upgrade their skills continually and adapt to new conditions.
Jake was a scout leader who believed in always being prepared. As times changed, he learned new techniques, helping his troop navigate modern challenges. Similarly, cybersecurity experts must keep learning and adapting to the rapidly changing tech world.
Below are a few recommendations to act on right now to establish a foundation (or at least an expectation) for critical thinking and business-minded problem solving among SOC operators and cybersecurity leaders:
- Fostering critical thinking: Training programs should emphasize problem-solving and critical analysis, enabling professionals to see beyond immediate issues.
- Encouraging reflection: Regularly reviewing past decisions helps professionals learn from mistakes and successes, ensuring continuous improvement.
- Promoting interdisciplinary collaboration: Working with different business units ensures cybersecurity aligns well with company objectives, creating a holistic defensive strategy.
- Implementing simulations: Conducting mock drills, such as the numerous tabletop scenarios offered by WWT, prepares teams for real threats, building confidence and readiness.
- Recognizing the human element: Technology alone isn't enough. Human insight and intuition are essential for spotting unconventional patterns and threats.
In closing…
Avoiding a dark age for trained cybersecurity professionals means bringing game theory, smart decision-making and business sense into cybersecurity operations. This transforms how we approach security challenges. Everyday examples, like the chess match or the bakery expansion, illustrate the importance of strategic thinking and aligned objectives in practice, anchoring these principles to the real world. It's my hope that as (or if?) this concept takes root, we'll see more practical examples from cyber operators and next-gen SOC leaders on how game theory can be a critical component of any training program, whether offered through a formal course or trained into someone through hands-on scenarios.
Educating cybersecurity professionals about cognitive biases and fostering continuous learning prepares them for complex, unforeseen threats. By doing so, companies can not only survive but thrive in this new digital era. As we advance, integrating these disciplines will ensure robust protection and propel organizations forward, keeping pace with the rapid evolution of technology and cyber challenges.